Employee benefit plan (EBP) audits and reporting will be quite different in the near future as changes in generally accepted auditing standards take effect.
Communications with management and those charged with governance will be more substantial and robust. The auditor's report will be more comprehensive and clearer. And practitioners will no longer issue a disclaimer when management elects to have an audit performed pursuant to ERISA Section 103(a)(3)(C). Instead, they will provide a two-pronged opinion that will clearly state the results of their findings.
The changes are described in AICPA Statement on Auditing Standards (SAS) No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, as amended. Along with a suite of auditor reporting standards, SAS No. 136 takes effect for audits of ERISA plan financial statements for periods ending on or after Dec. 15, 2021. (The effective date listed in SAS No. 136 was delayed one year by SAS No. 141 because of the coronavirus pandemic.)
To assist auditors with these changes, the AICPA last week published FAQs and illustrative auditor's reports for the initial year of implementation of SAS No. 136. The resource contains nine illustrative reports showing practitioners how reporting can be accomplished under the standard in various scenarios.
"These new FAQs are really helpful because the standard illustrated just one format (the use of two reports) in the initial year of implementation," said Sue Hicks, CPA, a senior technical manager on the AICPA's Employee Benefit Plan Audit Quality Center (EBPAQC) team. "It will be a really valuable tool, especially for the early implementers this year, because it clarifies and illustrates that there are other options."
Auditor's reports published under the new standard will:
- Explain management's responsibilities with respect to the financial statements;
- Disclose the auditor's responsibilities with respect to the audit;
- For ERISA Section 103(a)(3)(C) audits (formerly known as "limited-scope" audits), will explain the nature and scope of those engagements; and
- For non-section ERISA Section 103(a)(3)(C) audits, require the auditor to include a statement about whether the form and content of the information in Form 5500 supplemental schedules are presented in conformity with the Department of Labor's Rules and Regulations for Reporting and Disclosure under ERISA.
"The auditor's report is now a lot more transparent than it used to be," Hicks said.
Whereas limited-scope audits required a disclaimer, ERISA Section 103(a)(3)(C) audits under the new standards will include a two-pronged opinion. One part of the opinion states whether the information not covered in the certification is presented fairly in all material aspects. The other prong of the opinion states whether the certified investment information in the financial statements agrees with or is derived from the certification.
New performance requirements under the standard include:
- Obtaining management's acknowledgement of certain management responsibilities related to the financial statements and the audit.
- As part of risk assessment, obtaining and reading the most current plan instrument for the audit period, including effective amendments, as part of obtaining an understanding of the entity.
- Identifying any plan provisions that are relevant to the audit and performing procedures related to those plan provisions.
- Determining whether management has performed the relevant IRC compliance tests, as applicable.
- Considering whether prohibited transactions identified by management or as part of the audit have been appropriately reported in the applicable ERISA-required supplemental schedules.
- Obtaining a substantially complete Form 5500 and reading to identify possible material inconsistencies with the financial statements.
- For ERISA Section 103(a)(3)(C) audits, performing certain procedures related to the certification, including evaluating management's assessment of the certification.
- Communicating to those charged with governance the auditor's responsibilities, procedures performed, and the results of procedures related to Form 5500; and any reportable findings related to the audit.
Hicks said firm reviews of procedures and training of staff will be important in the successful implementation of this standard. The AICPA and its EBPAQC will provide auditors with numerous resources related to these changes, including webcasts and conference sessions.
Resources are available at:
- The EBPAQC webpage.
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is the JofA's editorial director.